Michigan Grid Research and Infrastructure Development (MGRID)
|
|
- Brice Christopher Watts
- 5 years ago
- Views:
Transcription
1 Michigan Grid Research and Infrastructure Development (MGRID) Abhijit Bose MGRID and Dept. of Electrical Engineering and Computer Science The University of Michigan Ann Arbor, MI
2 MGRID: Background Multiple Grid efforts at the UM Cluster Computing (ATLAS, CAC/NPACI, DZero, NCBI) Automated network configuration and testing, Network QoS reservation (CITI, ITCom) Remote Instrument (SI NEES Earthquake Grid) Collaborative tools (SI CHEF Collaboration portal) Data base searches (Bioinformatics, MCBI) Malware threat detection grid Integration challenge for UM
3 Collaborators Who is MGRID? School of Information Campus Computing Sites Center for Information Technology Integration (CITI) Department of Physics LSA College of Engineering Center for Advanced Computing Duderstadt Center Information Technology Communications (ITCOM) Michigan Center for Biological Information (MCBI)... and many more...
4 Why MGRID Grid software (Globus etc.) is difficult to run, complex to install and manage Promote ease of use More time to do science, instead of IT management How to prototype the Grid to fit into UM IT environment Large (> 100,000) user base for Grid service Produce a generalized Grid service Leverage existing security and group services Add Fine grained policy driven access control Let the owners of resources control their resource - Who, what, where, when, and how - But make it easy for them to do so
5 MGRID Funding Goal: build pilot institutional grid Founding Partners External Sponsors NFS NMI/NSF NEES Mid-America Earthquake Center
6 MGRID Overview Portal Security MGRID Scheduling Applications
7 MGRID Projects CORE INFRASTRUCTURE Kerberos Leveraged PKI kx509 Clients, KCT and mod_kct Apache web server modules. authenticates users against Globus Gatekeepers (password-less) MARS resource provisioning, scheduling and resource management fault-tolerance tunable resource scheduling, scheduling research (utility-driven) GridNFS integrates distributed file system (NFSv4) and flexible identity management to meet the needs of grid-based virtual organizations.
8 MGRID Projects CORE INFRASTRUCTURE WALDEN eliminates the need to manage user identities on hosts that participate in a grid environment. This is accomplished by moving user authentication to the client, replacing the static mapping between X.509 identities (Distinguished Names) and local user names in the Globus grid-mapfile with a dynamic approach using secure LDAP. Accounting allows usage reports on disparate scheduler log formats, such as PBSPro and Condor. Usage logs are translated into a common, standard XML format (defined by GGF UR-WG).
9 MGRID Projects MGRID APPLICATIONS AT MICHIGAN ATLAS UltraLight NEESGrid Bio-Physics Chemistry Agent-Based Simulations NTAP Secure Multipoint Video-Conferencing Distributed Threat Detection PORTAL SOFTWARE MGRID Portal SAKAI/MGRID
10 Existing Infrastructure Uniqname Unique campus wide user name to UID Kerberos V5 (multiple cells) KX509 Group Services AFS groups, LDAP Directory services LDAP
11 MGRID Portal User workstation KX509 to obtain user X509 credentials KX509 Certificate available to browser Additions to OpenSSL (in 9.0.7), required on MGRID Portal SSL handshake recorded MGRID Portal SSL configured to require user X509 credentials
12 MGRID Portal Hides complexity from user Individual or Organizational presentation CHEF Easily extensible Add new Grid applications With generic Grid resource, can run any back-end program Built on strong security
13 MGRID Architecture MGRID Portal Apache mod ssl mod kct mod kx509 mod jk mod php 4 Kerberos 5 SSL Client Certificate required 3 Kerberos V5 KCT KCA KDC 2 Kerberos 1 User Workstation Browser libpkcs11 kx509 kinit Tomcat CHEF LDAP Authorization 6 GSI 6 SASL 8 Meta Scheduler GateKeeper Resource Mng Resource SASL 7 LDAP Authorization Grid Resource
14 MGRID Project Highlights Multi-Resource Scheduling (MARS) Authorization (Walden) Accounting NTAP (Network Testing and Performance)
15 A Sample of MGRID Applications Gaussian (Chemistry, Bio-Physics) Molecular Dynamics (user-developed) BLAST MATLAB Agent-Based Simulations (Economics)
16 The MARS Project Goals: Develop a framework for co-scheduling distributed resources and workload management Develop algorithms for fault-tolerant scheduling in support of extreme-scale computing NSF Award # (10/ /2007), Ford Motor Company, MGRID, Altair
17 Extensible Architecture MARS: Design Goals Multiple standards for job description: JSDL, DRMAA, GRAAP Remote communications with local resource managers New scheduling algorithms can be easily incorporated On-Demand Task Scheduling Resources on-demand (prioritized task queues and pre-emption of lower priority tasks). Example: Solar weather prediction, disaster management Resource Usage Forecasting Efficient scheduling decisions across multiple resources MARS currently uses low-pass filters (exponential smoothing)
18 MARS: Design Goals Allow Globus and 3 rd Party Deployment Paths Allow Globus MDS (Resource Discovery) and GSI (Security) Allow building MARS library with and without Globus support Allow kx509 proxy certificate Allow 3 rd party resource monitoring frameworks Non-Globus path is also allowed Fault-tolerance against Internal and Resource-level Faults Snapshots and incremental checkpointing of workload buffers Allow transfer of running and queued workload to other resources Allow internal buffers when resources are full Allow 3 rd party authorization and policy APIs (XML/SOAP)
19 MARS: Architecture Task Resource Blocks (TRBs) allow task prioritization, global monitoring and indexing of tasks Resource filtering - Each task gets a TRB that includes a MARS JobID - Individual schedulers assign their own JobIDs - TRBs encapsulate these IDs
20 MARS in A Typical Enterprise Data Center Portal MARS Scheduling Jobs Database and Directory Job submission Data Views (Future) Job Status CPU Data Transport Agents (GridFTP, SCP, HTTP) Shared Storage Local Storage Local Storage
21 MARS: Better Workload Management Schedule generated by PBS (3 month period, 120 CPUs) Schedule generated by GA-MARS (3 month period, 120 CPUs)
22 MGRID Authorization Globus provides a static grid-mapfile for coarsegrained authorization Each grid-mapfile is locally maintained on each resource, mapping a user's X.509 DN to a local account Users either share local accounts, providing little accountability, or are granted unique local accounts, creating administrative problems How to provide fine-grained authorization with one-toone user-account mapping?
23 Walden Authorization Fine-Grained authorization module based on XACML standard (XACML-based policy engine) Cluster owners have complete administrative control over who uses their resources Policy files define rules based on group membership, time of day, resource load, etc. Local account management is unnecessary Group membership can be assigned from one or several secure LDAP servers
24
25 Walden Authorization Step 1: Obtain a Kerberos V Ticket Granting Ticket (TGT), which is then used to obtain and cache a KX.509 certificate. Step 2: Submit a job request to Globus gatekeeper Step 3: Gatekeeper invokes gridmap callout function, forwarding authorization request to Walden module. Policy Enforcement Point (PEP) formats and sends request to Policy Decision Point (PDP). PDP retrieves XACML policy (if necessary) from central policy repository
26
27 Walden Authorization Step 4-5: Policy Decision Point (PDP) retrieves a 'bag of attributes' corresponding to user from secure LDAP server, and extensible to many other sources. User attributes (e.g. Group Membership) is compared against authorization request PDP returns a response of Permit, Deny, or indeterminate, along with any obligations.
28 Walden Authorization Step 6-7: Policy Enforcement Point (PEP) parses response and obligations. If no defined obligations, PEP binds user to (permanent) local account from secure LDAP query. If guest user obligation defined, PEP binds user to available guest account.
29
30 Walden Authorization Step 8: If the user is authorized, the local account identity is returned to globus (otherwise, authorization is denied). Step 9: The globus gatekeeper submits the authorized job request to the grid cluster, using the defined permanent or guest user account.
31 MGRID Accounting Step 1: Grid scheduling software (e.g. PBSPro, Condor) generates usage log files in various formats Step 2: MGRID Accounting translates usage log files into common XML format Step 3: MGRID Accounting ingests data into MySql database for report generation and review Conforms to GGF Accounting Schemas
32 Usage data displayed in graphical and tabular format
33 User Workstation browser libpkcs11 kx509 kinit NTAP Architecture 1. The user authenticates to the portal host via kx.509 and submits a network test request Kerberos V5 KCT KCA KDC 2. The portal host constructs a path between specified endpoints, issues test reservations, and updates the output database. Portal Host Apache mod ssl mod kct mod kx509 mod jp mod php pilot PMP Host GateKeeper Resource Mgr iperf, etc 3. PMPs* on the test path run performance tests between pairs of routers. * Performance Monitoring Platform PMP Host GateKeeper Resource Mgr iperf, etc LDAP Output NW Topology 4. The portal host displays results.
34 Thank you!
Grid Computing Fall 2005 Lecture 5: Grid Architecture and Globus. Gabrielle Allen
Grid Computing 7700 Fall 2005 Lecture 5: Grid Architecture and Globus Gabrielle Allen allen@bit.csc.lsu.edu http://www.cct.lsu.edu/~gallen Concrete Example I have a source file Main.F on machine A, an
More informationGrid Architectural Models
Grid Architectural Models Computational Grids - A computational Grid aggregates the processing power from a distributed collection of systems - This type of Grid is primarily composed of low powered computers
More information30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy
Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy Why the Grid? Science is becoming increasingly digital and needs to deal with increasing amounts of
More informationGrid services. Enabling Grids for E-sciencE. Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia
Grid services Dusan Vudragovic dusan@phy.bg.ac.yu Scientific Computing Laboratory Institute of Physics Belgrade, Serbia Sep. 19, 2008 www.eu-egee.org Set of basic Grid services Job submission/management
More informationUsing the MyProxy Online Credential Repository
Using the MyProxy Online Credential Repository Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu What is MyProxy? Independent Globus Toolkit add-on
More informationHardware Tokens in META Centre
MWSG meeting, CERN, September 15, 2005 Hardware Tokens in META Centre Daniel Kouřil kouril@ics.muni.cz CESNET Project META Centre One of the basic activities of CESNET (Czech NREN operator); started in
More informationNMI Component Testing Guidelines Pertaining to: NMI Release 1 (released May 7, 2002)
NSF Middleware Initiative Integration Testbed Page 1 of 40 NMI Component Testing Guidelines Pertaining to: NMI Release 1 (released May 7, 2002) July 8, 2002 This packet contains NMI Component Testing Guidelines
More informationGlobus GTK and Grid Services
Globus GTK and Grid Services Michael Rokitka SUNY@Buffalo CSE510B 9/2007 OGSA The Open Grid Services Architecture What are some key requirements of Grid computing? Interoperability: Critical due to nature
More informationManaging Grid Credentials
Managing Grid Credentials Jim Basney http://www.ncsa.uiuc.edu/~jbasney/ Senior Research Scientist Grid and Security Technologies National Center for Supercomputing Applications
More informationGrid Scheduling Architectures with Globus
Grid Scheduling Architectures with Workshop on Scheduling WS 07 Cetraro, Italy July 28, 2007 Ignacio Martin Llorente Distributed Systems Architecture Group Universidad Complutense de Madrid 1/38 Contents
More informationEGEE and Interoperation
EGEE and Interoperation Laurence Field CERN-IT-GD ISGC 2008 www.eu-egee.org EGEE and glite are registered trademarks Overview The grid problem definition GLite and EGEE The interoperability problem The
More informationThe LGI Pilot job portal. EGI Technical Forum 20 September 2011 Jan Just Keijser Willem van Engen Mark Somers
The LGI Pilot job portal EGI Technical Forum 20 September 2011 Jan Just Keijser Willem van Engen Mark Somers Outline What? Why? How? Pro's and Cons What's next? Credits 2 What is LGI? LGI Project Server
More informationLayered Architecture
The Globus Toolkit : Introdution Dr Simon See Sun APSTC 09 June 2003 Jie Song, Grid Computing Specialist, Sun APSTC 2 Globus Toolkit TM An open source software toolkit addressing key technical problems
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationGLOBUS TOOLKIT SECURITY
GLOBUS TOOLKIT SECURITY Plamen Alexandrov, ISI Masters Student Softwarepark Hagenberg, January 24, 2009 TABLE OF CONTENTS Introduction (3-5) Grid Security Infrastructure (6-15) Transport & Message-level
More informationRB-GACA: A RBAC based Grid Access Control Architecture
RB-GACA: A RBAC based Grid Access Control Architecture Weizhong Qiang, Hai Jin, Xuanhua Shi, Deqing Zou, Hao Zhang Cluster and Grid Computing Lab Huazhong University of Science and Technology, Wuhan, 430074,
More informationA User-level Secure Grid File System
A User-level Secure Grid File System Ming Zhao, Renato J. Figueiredo Advanced Computing and Information Systems (ACIS) Electrical and Computer Engineering University of Florida {ming, renato}@acis.ufl.edu
More informationGSI Online Credential Retrieval Requirements. Jim Basney
GSI Online Credential Retrieval Requirements Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Online Credential Retrieval Defined Client Server Authenticate Request Credential Verify
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationGrid Middleware and Globus Toolkit Architecture
Grid Middleware and Globus Toolkit Architecture Lisa Childers Argonne National Laboratory University of Chicago 2 Overview Grid Middleware The problem: supporting Virtual Organizations equirements Capabilities
More informationDeploying the TeraGrid PKI
Deploying the TeraGrid PKI Grid Forum Korea Winter Workshop December 1, 2003 Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu
More informationThe University of Oxford campus grid, expansion and integrating new partners. Dr. David Wallom Technical Manager
The University of Oxford campus grid, expansion and integrating new partners Dr. David Wallom Technical Manager Outline Overview of OxGrid Self designed components Users Resources, adding new local or
More informationEUROPEAN MIDDLEWARE INITIATIVE
EUROPEAN MIDDLEWARE INITIATIVE VOMS CORE AND WMS SECURITY ASSESSMENT EMI DOCUMENT Document identifier: EMI-DOC-SA2- VOMS_WMS_Security_Assessment_v1.0.doc Activity: Lead Partner: Document status: Document
More informationNMI Component Testing Guidelines Pertaining to: NMI Release 3 (Release date: April 28, 2003) May 2, 2003
NMI Component Testing Guidelines Pertaining to: NMI Release 3 (Release date: April 28, 2003) May 2, 2003 This packet contains NMI Component Testing Guidelines for individual components released as part
More informationAn XACML Attribute and Obligation Profile for Authorization Interoperability in Grids
GWD-C Federated Security fed-sec@ogf.org Rachana Ananthakrishnan, Argonne National Laboratory Gabriele Garzoglio, Fermilab Oscar Koeroo, Nikhef March 11, 2012 Protocol version 1.2 An XACML Attribute and
More informationK4-5 Upgrade: The Saga Continues
K4-5 Upgrade: The Saga Continues Trials and Tribulations of Kerberos Transition at the University of Michigan or How to Prepare for the Next Upgrade Overview In next half an hour we will: Present a general
More informationGrid Programming: Concepts and Challenges. Michael Rokitka CSE510B 10/2007
Grid Programming: Concepts and Challenges Michael Rokitka SUNY@Buffalo CSE510B 10/2007 Issues Due to Heterogeneous Hardware level Environment Different architectures, chipsets, execution speeds Software
More informationNovell Access Manager
Setup Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP3 February 02, 2011 www.novell.com Novell Access Manager 3.1 SP3 Setup Guide Legal Notices Novell, Inc., makes no representations or warranties
More informationSriram Krishnan
A Web Services Based Architecture for Biomedical Applications Sriram Krishnan sriram@sdsc.edu Goals Enabling integration across multi-scale biomedical applications Leveraging geographically distributed,
More informationA RESOURCE MANAGEMENT FRAMEWORK FOR INTERACTIVE GRIDS
A RESOURCE MANAGEMENT FRAMEWORK FOR INTERACTIVE GRIDS Raj Kumar, Vanish Talwar, Sujoy Basu Hewlett-Packard Labs 1501 Page Mill Road, MS 1181 Palo Alto, CA 94304 USA { raj.kumar,vanish.talwar,sujoy.basu}@hp.com
More informationIndependent Software Vendors (ISV) Remote Computing Usage Primer
GFD-I.141 ISV Remote Computing Usage Primer Authors: Steven Newhouse, Microsoft Andrew Grimshaw, University of Virginia 7 October, 2008 Independent Software Vendors (ISV) Remote Computing Usage Primer
More informationGrid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms
Grid Computing 1 Resource sharing Elements of Grid Computing - Computers, data, storage, sensors, networks, - Sharing always conditional: issues of trust, policy, negotiation, payment, Coordinated problem
More informationNovell Access Manager
Setup Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.0 SP4 IR2 January 30, 2009 www.novell.com Novell Access Manager 3.0 SP4 Setup Guide Legal Notices Novell, Inc., makes no representations or
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationBlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide
BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0 Administration Guide SWDT487521-636611-0528041049-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry
More informationDay 1 : August (Thursday) An overview of Globus Toolkit 2.4
An Overview of Grid Computing Workshop Day 1 : August 05 2004 (Thursday) An overview of Globus Toolkit 2.4 By CDAC Experts Contact :vcvrao@cdacindia.com; betatest@cdacindia.com URL : http://www.cs.umn.edu/~vcvrao
More informationShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS Joseph Olufemi Dada & Andrew McNab School of Physics and Astronomy,
More informationIntroduction to Grid Computing
Milestone 2 Include the names of the papers You only have a page be selective about what you include Be specific; summarize the authors contributions, not just what the paper is about. You might be able
More informationManaging AON Security
CHAPTER 4 This chapter describes AON functions relating to security, authentication, and authorization. It includes the following topics. Managing Keystores, page 4-1 Configuring Security Properties, page
More informationArgus Vulnerability Assessment *1
Argus Vulnerability Assessment *1 Manuel Brugnoli and Elisa Heymann Universitat Autònoma de Barcelona June, 2011 Introduction Argus is the glite Authorization Service. It is intended to provide consistent
More informationCOMPUTE CANADA GLOBUS PORTAL
COMPUTE CANADA GLOBUS PORTAL Fast, user-friendly data transfer and sharing Jason Hlady University of Saskatchewan WestGrid / Compute Canada February 4, 2015 Why Globus? I need to easily, quickly, and reliably
More informationNetwork Device Provisioning
Network Device Provisioning Spring Internet2 Meeting April 23, 2013 Jim Jokl University of Virginia 1 The Problem Set Enable the use of strong authentication Passwords are painful and phishing is easy
More informationSubtitle: Join Sun Solaris Systems to Active Directory with Likewise
Keywords: join solaris to active directory, solaris active directory integration, solaris AD, solaris active directory, solaris winbind, Sun Identity Manager, Unix authentication, solaris authentication,
More informationNew open source CA development as Grid research platform.
New open source CA development as Grid research platform. National Research Grid Initiative in Japan Takuto Okuno. 1 About NAREGI PKI Group (WP5) 2 NAREGI Authentication Service Perspective To develop
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationGrid Authentication and Authorisation Issues. Ákos Frohner at CERN
Grid Authentication and Authorisation Issues Ákos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management:
More informationThe Modern Web Access Management Platform from on-premises to the Cloud
The Modern Web Access Management Platform from on-premises to the Cloud Single Sign On, Access Controls, Session Management and how to use Access Management to protect applications both on premises and
More informationJohn Heimann Director, Security Product Management Oracle Corporation
John Heimann Director, Security Product Management Oracle Corporation Oracle9i Application Server v2 Security What s an Application Server? Development and deployment environment Web(HTML,XML,SOAP) J2EE
More informationWeb Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review
Web Services in Cincom VisualWorks WHITE PAPER Cincom In-depth Analysis and Review Web Services in Cincom VisualWorks Table of Contents Web Services in VisualWorks....................... 1 Web Services
More informationTechnical Overview. Access control lists define the users, groups, and roles that can access content as well as the operations that can be performed.
Technical Overview Technical Overview Standards based Architecture Scalable Secure Entirely Web Based Browser Independent Document Format independent LDAP integration Distributed Architecture Multiple
More informationThe PRIMA Grid Authorization System
The PRIMA Grid Authorization System Markus Lorch and Dennis Kafura {mlorch@vt.edu, kafura@cs.vt.edu} Department of Computer Science Virginia Tech Blacksburg, VA 24061 Abstract PRIMA, a system for PRIvilege
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationJitterbit is comprised of two components: Jitterbit Integration Environment
Technical Overview Integrating your data, applications, and other enterprise systems is critical to the success of your business but, until now, integration has been a complex and time-consuming process
More informationAn XACML Attribute and Obligation Profile for Authorization Interoperability in Grids
GWD-CP.205 Federated Security fedsec-cg@ogf.org Rachana Ananthakrishnan, Argonne National Laboratory Gabriele Garzoglio *, Fermilab Oscar Koeroo *, Nikhef January 21, 2013 Protocol version 1.2 An XACML
More informationImplementing a Ground Service- Oriented Architecture (SOA) March 28, 2006
Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006 John Hohwald Slide 1 Definitions and Terminology What is SOA? SOA is an architectural style whose goal is to achieve loose coupling
More informationMigration and Building of Data Centers in IBM SoftLayer
Migration and Building of Data Centers in IBM SoftLayer Advantages of IBM SoftLayer and RackWare Together IBM SoftLayer offers customers the advantage of migrating and building complex environments into
More informationForeScout Open Integration Module: Data Exchange Plugin
ForeScout Open Integration Module: Data Exchange Plugin Version 3.2.0 Table of Contents About the Data Exchange Plugin... 4 Requirements... 4 CounterACT Software Requirements... 4 Connectivity Requirements...
More informationMoving LDAP Writes to Web Services
Greek School Network National Technical University of Athens Moving LDAP Writes to Web Services Kostas Kalevras National Technical University of Athens, Network Operations Center kkalev@noc.ntua.gr 2007,
More informationIntegrating a directory server
Integrating a directory server Knox Manage provides a directory service that integrates a client's directory server through a Lightweight Directory Access Protocol (LDAP)-based Active Directory service
More informationCILogon Project
CILogon Project GlobusWORLD 2010 Jim Basney jbasney@illinois.edu National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by
More informationPrivileged Identity App Launcher and Session Recording
Privileged Identity App Launcher and Session Recording 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationManaging CAE Simulation Workloads in Cluster Environments
Managing CAE Simulation Workloads in Cluster Environments Michael Humphrey V.P. Enterprise Computing Altair Engineering humphrey@altair.com June 2003 Copyright 2003 Altair Engineering, Inc. All rights
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationEvolution of the ATLAS PanDA Workload Management System for Exascale Computational Science
Evolution of the ATLAS PanDA Workload Management System for Exascale Computational Science T. Maeno, K. De, A. Klimentov, P. Nilsson, D. Oleynik, S. Panitkin, A. Petrosyan, J. Schovancova, A. Vaniachine,
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationScalable, Reliable Marshalling and Organization of Distributed Large Scale Data Onto Enterprise Storage Environments *
Scalable, Reliable Marshalling and Organization of Distributed Large Scale Data Onto Enterprise Storage Environments * Joesph JaJa joseph@ Mike Smorul toaster@ Fritz McCall fmccall@ Yang Wang wpwy@ Institute
More informationOSiRIS Overview and Challenges Ceph BOF, Supercomputing 2018, Dallas
OSiRIS Overview and Challenges Ceph BOF, Supercomputing 2018, Dallas Open Storage Research Infrastructure Ben Meekhof University of Michigan ARC-TS for the OSiRIS Collaboration Mission Statement OSiRIS
More informationAn authorization Framework for Grid Security using GT4
www.ijcsi.org 310 An authorization Framework for Grid Security using GT4 Debabrata Singh 1, Bhupendra Gupta 2,B.M.Acharya 3 4, Sarbeswar Hota S O A University, Bhubaneswar Abstract A Grid system is a Virtual
More informationA Multipolicy Authorization Framework for Grid Security
A Multipolicy Authorization Framework for Grid Security Bo Lang,,2 Ian Foster,,3 Frank Siebenlist,,3 Rachana Ananthakrishnan, Tim Freeman,3 Mathematics and Computer Science Division, Argonne National Laboratory,
More informationLeveraging Globus Identity for the Grid. Suchandra Thapa GlobusWorld, April 22, 2016 Chicago
Leveraging Globus Identity for the Grid Suchandra Thapa GlobusWorld, April 22, 2016 Chicago Open Science Grid Helps researchers speed up their research using high throughput computing methods Helps campus
More informationAPI Security Management SENTINET
API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationThe PanDA System in the ATLAS Experiment
1a, Jose Caballero b, Kaushik De a, Tadashi Maeno b, Maxim Potekhin b, Torre Wenaus b on behalf of the ATLAS collaboration a University of Texas at Arlington, Science Hall, PO Box 19059, Arlington, TX
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationEndpoint Protection with DigitalPersona Pro
DigitalPersona Product Brief Endpoint Protection with DigitalPersona Pro An introductory technical overview to DigitalPersona s suite for Access Management, Data Protection and Secure Communication. April
More informationFastPass Password Manager
FastPass Password Manager Version 3.4.2 Document Title Document Classification Public Document Revision D Document Status Final Document Date April 23, 2012 The specifications and information in this document
More informationArchitecture Proposal
Nordic Testbed for Wide Area Computing and Data Handling NORDUGRID-TECH-1 19/02/2002 Architecture Proposal M.Ellert, A.Konstantinov, B.Kónya, O.Smirnova, A.Wäänänen Introduction The document describes
More informationForeScout CounterACT. Configuration Guide. Version 3.4
ForeScout CounterACT Open Integration Module: Data Exchange Version 3.4 Table of Contents About the Data Exchange Module... 4 About Support for Dual Stack Environments... 4 Requirements... 4 CounterACT
More informationNTP Software VFM. Administration Web Site for EMC Atmos User Manual. Version 6.1
NTP Software VFM Administration Web Site for EMC Atmos User Manual Version 6.1 This guide details the method for using NTP Software VFM Administration Web Site, from an administrator s perspective. Upon
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationKerberos & HPC Batch systems. Matthieu Hautreux (CEA/DAM/DIF)
Kerberos & HPC Batch systems Matthieu Hautreux (CEA/DAM/DIF) matthieu.hautreux@cea.fr Outline Kerberos authentication HPC site environment Kerberos & HPC systems AUKS From HPC site to HPC Grid environment
More informationGridbus Portlets -- USER GUIDE -- GRIDBUS PORTLETS 1 1. GETTING STARTED 2 2. AUTHENTICATION 3 3. WORKING WITH PROJECTS 4
Gridbus Portlets -- USER GUIDE -- www.gridbus.org/broker GRIDBUS PORTLETS 1 1. GETTING STARTED 2 1.1. PREREQUISITES: 2 1.2. INSTALLATION: 2 2. AUTHENTICATION 3 3. WORKING WITH PROJECTS 4 3.1. CREATING
More informationUnderstanding StoRM: from introduction to internals
Understanding StoRM: from introduction to internals 13 November 2007 Outline Storage Resource Manager The StoRM service StoRM components and internals Deployment configuration Authorization and ACLs Conclusions.
More informationglite Grid Services Overview
The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) glite Grid Services Overview Antonio Calanducci INFN Catania Joint GISELA/EPIKH School for Grid Site Administrators Valparaiso,
More informationGaruda : The National Grid Computing Initiative Of India. Natraj A.C, CDAC Knowledge Park, Bangalore.
Garuda : The National Grid Computing Initiative Of India Natraj A.C, CDAC Knowledge Park, Bangalore. natraj@cdacb.ernet.in 1 Agenda About CDAC Garuda grid highlights Garuda Foundation Phase EU-India grid
More informationNovell Access Manager
Quick Start AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP2 June 11, 2010 www.novell.com Novell Access Manager 3.1 SP2 Quick Start Legal Notices Novell, Inc., makes no representations or warranties
More informationNTP Software VFM Administration Web Site For Microsoft Azure
NTP Software VFM Administration Web Site For Microsoft Azure User Manual Revision 1.1. - July 2015 This guide details the method for using NTP Software VFM Administration Web Site, from an administrator
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationFreeIPA Cross Forest Trusts
Alexander Bokovoy Andreas Schneider May 10th, 2012 1 FreeIPA What is FreeIPA? Cross Forest Trusts 2 Samba 3 Demo Talloc Tutorial Pavel Březina wrote Talloc tutorial! http://talloc.samba.org/
More informationArcGIS for Server: Security
DevSummit DC February 11, 2015 Washington, DC Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow - ArcGIS Server Roles and Identity Stores - Authentication - Authorization: Securing
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationUSING SAML TO LINK THE GLOBUS TOOLKIT TO THE PERMIS AUTHORISATION INFRASTRUCTURE
USING SAML TO LINK THE GLOBUS TOOLKIT TO THE PERMIS AUTHORISATION INFRASTRUCTURE David Chadwick 1, Sassa Otenko 1, Von Welch 2 1 ISI, University of Salford, Salford, M5 4WT, England. 2 National Center
More informationglobus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Computation Institute (CI) Apply to challenging problems Accelerate by building the research
More informationManage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, on page 1 Cisco ISE Administrators, on page 1 Cisco ISE Administrator Groups, on page 3 Administrative Access to Cisco ISE, on
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationGuidelines on non-browser access
Published Date: 13-06-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-JRA1.4F https://aarc-project.eu/wp-content/uploads/2017/03/aarc-jra1.4f.pdf 1 Table of Contents 1 Introduction
More information